The present invention relates to an access restricted file to which an access restriction is applied by employing a cryptographic method, etc., and an access restricted file creating apparatus that creates the access restricted file concerned.
Generally speaking, when certain important data is taken out to an external environment and/or distributed over the external environment, an access restriction processing, employing a cryptographic method, etc., is applied to the data concerned.
If the concerned data was simply encrypted on that occasion, it becomes impossible to monitor and maintain the security of the data concerned, in case that a key of cryptograph has been obtained by using a certain illegal method and the encrypted data has been decrypted by using the above-obtained key of cryptograph. Further, after the encrypted data provided with an access restriction has been distributed widely, there would possibly occur such a case that the user (or manager) wishes to change the contents of restriction information, such as heightening the security level of the concerned data, changing the current password, etc.
With respect to the print restriction of document data, Tokkai 2005-309881 (Japanese Patent Application Laid-Open Publication) sets forth a system for which the abovementioned problems and demands are taken into account. The disclosed system is so constituted that the management server controls the restriction information, such as a key of cryptograph, IDs (Identification) of a printer and a document allowed to be used for printing, etc., while the printer, which is instructed to conduct an operation for printing a document based on the encrypted document data, transmits the document ID of the encrypted document data concerned and the printer ID of its own, etc., to the management server so as to inquire an allowance or disallowance of the concerned printing operation, and then, only in the case of allowance, the printer decrypts the encrypted document data by using the key of cryptograph owned by the management server so as to implement the printing operation based on the decrypted document data. According to the above-disclosed system, the access restriction can be achieved by employing the restriction information, such as the printer ID, the document ID, etc., and in addition, by changing the restriction information to be registered into the management server, it is possible to change the conditions for determining the allowance or disallowance of the concerned printing operation.
According to the technology set forth in the Tokkai 2005-309881, when the user has taken out important encrypted data to a remote destination site of a business trip or the like, the printer that can print an image based on the encrypted data is limited to only such a printer that is provided with a function for accessing the management server. For this reason, unless the printer provided with such the function exists in the remote destination site, it is impossible for the user to decrypt the encrypted data so as to print an image represented by the decrypted data, even though it is possible to change the restriction information registered in the management server (for instance, the printer ID of the printer allowed to be used for printing).